Apps Containing Shady Cryptomining Code Found on Play Store


Thanks to blockchain technology, the use of cryptocurrency has grown around the globe, and people either mine it or buy it to sell later on. The result has been a cryptocurrency ‘gold rush’ of sorts, and it has led some to find unscrupulous ways of using the CPU power of unsuspecting users.

In September, we started seeing reports of websites like Pirate Bay and some Kenyan ones that contained scripts for a browser-based miner called Coinhive. This miner harnesses a user’s CPU power while they are browsing, which generates money for the website if the script was put there intentionally.

Now, according to Trend Micro, this coin-mining tactic has been employed by apps on Google Play. Trend Micro found apps on Google Play with malicious cryptocurrency mining capabilities that injected native JavaScript scripts to avoid detection.

They found two categories of malicious apps on the Play Store, detected as ANDROIDOS_JSMINER and ANDROIDOS_CPUMINER.

Trend Micro found two apps detected as ANDROIDOS_JSMINER, both repackaged to look like harmless apps: a rosary app (Recitiamo Santo Rosario Free) and a wireless app (SafetyNet Wireless App). When these apps were run, they loaded the JavaScript code from Coinhive and started mining with the attacker’s own site key. While the app is running, CPU usage becomes exceptionally high, just as in the attacks on regular computers. They found only one app detected as ANDROIDOS_CPUMINER, and it was a wallpaper app (Car Wallpaper HD: Mercedes, ferrari, bmw and audi).

Fortunately, they reached out to Google and these apps are no longer on the Play Store, which is a relief. From now on, you should check the CPU usage of your phone as a first indication of whether you might have a rogue app installed.

It was found that 500 million people were vulnerable to in-browser cryptocurrency mining, so make sure to be extra vigilant about these attacks. On desktop, you can use handy Chrome extensions to block cryptominers from taking over your laptop, but we now have to wait and see what we can get for our phones.